[Wireshark-dev] error

2007-11-19 Thread taraniteja.vishwanatha
Hi , Error : /usr/bin/ld: .libs/packet-chp.o: relocation R_X86_64_PC32 against `dissect_csse_header' can not be used when making a shared object; recompile with -fPIC Can somebody please clarify?? BR, Tarani The information contained in this electronic message and any attac

Re: [Wireshark-dev] The COPYING file (our license) is a mess!

2007-11-19 Thread Gerald Combs
Stephen Fisher wrote: > On Thu, Nov 15, 2007 at 02:30:17AM +0100, Joerg Mayer wrote: >> On Wed, Nov 14, 2007 at 10:20:12PM +0100, Jaap Keuter wrote: >>> So even though I'm not happy with this stuff it seems to be needed to >>> keep *stupid* people of our lists. >> I obviously think so too, but tha

Re: [Wireshark-dev] Question on Timing Accuracy

2007-11-19 Thread Anders Broman
See http://wiki.wireshark.org/Timestamps for some background. Regards Anders -Original message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Nandakumar Muthuraj Sent: 20 November 2007 01:26 To: Developer support list for Wireshark Subject: [Wireshark-dev] Question on

Re: [Wireshark-dev] Problems when changing a dissector preference

2007-11-19 Thread Didier
On Mon, 19 Nov 2007 22:35:14 +0100, Stig Bjørlykke wrote > On 19. nov.. 2007, at 22.15, Jeff Morriss wrote: > > > Free it (and recreate it) in a routine registered with > > register_init_routine() instead? > > I am freeing it in the register_init_routine (which is called), but > does no

[Wireshark-dev] Question on Timing Accuracy

2007-11-19 Thread Nandakumar Muthuraj
Hi , How I can improve my timing accuracy in the libpcap ? I use a GIGE interface and send/receive 128 Byte sized packets . How can I Get the accurate timing of packet arrival ? Regards, Nanda.

Re: [Wireshark-dev] Wish: Mark/Find the element matching the display filter

2007-11-19 Thread Stig Bjørlykke
On 19. nov.. 2007, at 23.58, Guy Harris wrote: > That does raise an interesting question - if a pattern matches *more > than one* field in a packet, should "find next" find the next instance > that matches, even if it's in the same packet, or should it find the > next instance in that packet and,

Re: [Wireshark-dev] Wish: Mark/Find the element matching the display filter

2007-11-19 Thread Stig Bjørlykke
On 19. nov.. 2007, at 23.53, Stephen Fisher wrote: > My bad, it does work as I had intended. It highlights the field (with > the function highlight_field()) whenever you do a hex or string > search, > but not when you do a filter search. I find this working with hex search, and string search i

Re: [Wireshark-dev] Wish: Mark/Find the element matching the display filter

2007-11-19 Thread Guy Harris
Stephen Fisher wrote: > My bad, it does work as I had intended. It highlights the field (with > the function highlight_field()) whenever you do a hex or string search, > but not when you do a filter search. Should we add filter search > matches too? I'd say "yes" - if a search pattern of any so

Re: [Wireshark-dev] Wish: Mark/Find the element matching the display filter

2007-11-19 Thread Stephen Fisher
On Mon, Nov 19, 2007 at 02:43:13PM -0700, Stephen Fisher wrote: > On Mon, Nov 19, 2007 at 10:29:12PM +0100, Stig Bjørlykke wrote: > > > Does wireshark have any functionality like this? I know we have "Find > > Packet", but this does not display the matching element in the packet. > > Wireshark u

Re: [Wireshark-dev] [Wireshark-commits] rev 23471:/trunk/epan/dissectors/ /trunk/epan/dissectors/:packet-frame.c packet-sctp.c

2007-11-19 Thread Jeff Morriss
Michael Tuexen wrote: > On Nov 19, 2007, at 4:50 PM, Jeff Morriss wrote: >> Michael Tuexen wrote: >>> On Nov 16, 2007, at 11:04 PM, [EMAIL PROTECTED] wrote: (One could rightfully argue that you should only see a fragmented chunk bundled with another chunk when retransmitting but, w

Re: [Wireshark-dev] Problems when changing a dissector preference

2007-11-19 Thread Jeff Morriss
Stig Bjørlykke wrote: > On 19. nov.. 2007, at 22.15, Jeff Morriss wrote: > >> Free it (and recreate it) in a routine registered with >> register_init_routine() instead? > > I am freeing it in the register_init_routine (which is called), but > does not recreate it before the packages are disse

Re: [Wireshark-dev] Wish: Mark/Find the element matching the display filter

2007-11-19 Thread Stephen Fisher
On Mon, Nov 19, 2007 at 10:29:12PM +0100, Stig Bjørlykke wrote: > Does wireshark have any functionality like this? I know we have "Find > Packet", but this does not display the matching element in the packet. Wireshark used to do this - I remember adding the feature myself. I'll take a look at

[Wireshark-dev] Problems with HTTP Sample Captures

2007-11-19 Thread Mike Duigou
Two of the sample HTTP captures on the Sample Captures wiki page appear to be the wrong files: http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=tcp-wireshark-file1.trace and http://wiki.wireshark.org/SampleCaptures?action=Attach

Re: [Wireshark-dev] Problems when changing a dissector preference

2007-11-19 Thread Stig Bjørlykke
On 19. nov.. 2007, at 22.15, Jeff Morriss wrote: > Free it (and recreate it) in a routine registered with > register_init_routine() instead? I am freeing it in the register_init_routine (which is called), but does not recreate it before the packages are dissected again. And with flags.visite

Re: [Wireshark-dev] [Wireshark-commits] rev 23471:/trunk/epan/dissectors/ /trunk/epan/dissectors/:packet-frame.c packet-sctp.c

2007-11-19 Thread Michael Tuexen
Hi Jeff, see my comments in-line. Best regards Michael On Nov 19, 2007, at 4:50 PM, Jeff Morriss wrote: > > > Michael Tuexen wrote: >> On Nov 16, 2007, at 11:04 PM, [EMAIL PROTECTED] wrote: >>> (One could rightfully argue that you should only see a fragmented >>> chunk >>> bundled with another

[Wireshark-dev] Wish: Mark/Find the element matching the display filter

2007-11-19 Thread Stig Bjørlykke
Hi. Often, when I have a packet with a lot of elements, it's a bit hard to find the element matching the display filter. And when using a complex filter it would be nice to know why each packet matches. Does wireshark have any functionality like this? I know we have "Find Packet", but this

Re: [Wireshark-dev] Problems when changing a dissector preference

2007-11-19 Thread Jeff Morriss
Stig Bjørlykke wrote: > Hi. > > In the DMP dissector I build a hash_table with some SEQ/ACK analysis > values the first time the package is dissected (when pinfo->fd- > >flags.visited==FALSE). This hash_table is deleted in the dissectors > init routine. > > When changing the udp port in

[Wireshark-dev] Problems when changing a dissector preference

2007-11-19 Thread Stig Bjørlykke
Hi. In the DMP dissector I build a hash_table with some SEQ/ACK analysis values the first time the package is dissected (when pinfo->fd- >flags.visited==FALSE). This hash_table is deleted in the dissectors init routine. When changing the udp port in the dissectors preferences, from an un

Re: [Wireshark-dev] Extending wireshark's capture capabilities

2007-11-19 Thread Guy Harris
Will Barker wrote: > 1) Inline with the realtime capture support currently offered on Windows by > other device types, "Realtime capture support" in what sense? "Update list of packets in real time"? > I have had to modify both wpcap.dll and packet.dll i.e. > as with HAVE_DAG_API, HAVE_AIRPCAP

Re: [Wireshark-dev] Extending wireshark's capture capabilities

2007-11-19 Thread Gianluca Varenni
- Original Message - From: "Will Barker" <[EMAIL PROTECTED]> To: "'Developer support list for Wireshark'" Sent: Monday, November 19, 2007 12:01 PM Subject: Re: [Wireshark-dev] Extending wireshark's capture capabilities > > I now have my own device capturing frames and passing them up t

Re: [Wireshark-dev] Extending wireshark's capture capabilities

2007-11-19 Thread Will Barker
I now have my own device capturing frames and passing them up to wireshark where they are being successfully decoded. I have encountered some problems along the way so I wonder if someone could confirm my findings and let me know if any of my conclusions are incorrect. Some of this is inter-relate

[Wireshark-dev] Windows installer: not installing SNMP MIBs yields startup errors

2007-11-19 Thread Jeff Morriss
Hi list, I tend not to install the SNMP MIBs (on my Windows PC), probably because I noticed a long time ago that loading them during Wireshark startup took a non-zero amount of time and I never use them. Recently I started upgrading to the latest SVN versions on my PC because I needed some of

Re: [Wireshark-dev] Bitfield handling in proto_tree_add_uint_format()

2007-11-19 Thread Anders Broman
Hi, The way it's working looks ok to me: Value = 1010 1010 Proto_add_item() 1010 10.. Ox2a x = tvb_get_guint8(tvb, 0) >> 2; X = 0010 1010 proto_tree_add_uint_format(tree, hf_x, tvb, 0, 1, x, > "the value of X formatted in some way"); Value = 0010 10.. 0x0A as a mask is used in hf_xx Rega

Re: [Wireshark-dev] Distributing a wireshark dissector

2007-11-19 Thread Eytan Kidron
Thank you all for your help. Indeed, my problem was that I did not use the VC6 compiler. Once I compiled my dissector with this compiler, I was able to copy the dll to existing already-installed wiresharks. I prefer this option to creating a new custom installer whenever a new version of

Re: [Wireshark-dev] Bitfield handling in proto_tree_add_uint_format()

2007-11-19 Thread Jaap Keuter
Hi, From a code point of view (epan/proto.c) I can see why this is happening. From a API point of view this looks wrong. If I'm serving the function the value to work with I expect it to work with that value, not its own interpretation of it. Let's have a look at what happens if we change this

Re: [Wireshark-dev] Distributing a wireshark dissector

2007-11-19 Thread Andy Lawman
I've also been developing a dissector and have followed much the same path as you. I'm developing at home on XP, distributing at work mainly on 2000, but with some PCs on XP. All is well except, oddly, the XP installations at work. First I checked the version of vcredist.exe I was using, but whe

Re: [Wireshark-dev] Dissector for OID:2.6.0.2.5 not implemented. Contact Etheral developers if you want this supported

2007-11-19 Thread Stig Bjørlykke
On 19. nov.. 2007, at 15.35, Graeme Lunt wrote: > Can you run P7 over RTSE? I don't know yet. I just know we have some P7 encoding somewhere :) > Actually, my intention is to go the other way - I want to rename x411, > x420 and s4406 (to p1, p22, and p772 respectively) - this makes more > sense

Re: [Wireshark-dev] [Wireshark-commits] rev 23471:/trunk/epan/dissectors/ /trunk/epan/dissectors/:packet-frame.c packet-sctp.c

2007-11-19 Thread Jeff Morriss
Michael Tuexen wrote: > On Nov 16, 2007, at 11:04 PM, [EMAIL PROTECTED] wrote: >> (One could rightfully argue that you should only see a fragmented >> chunk >> bundled with another chunk when retransmitting but, well, I'm >> staring at >> traces of an implementation--to remain nameless to pro

[Wireshark-dev] Bitfield handling in proto_tree_add_uint_format()

2007-11-19 Thread Alexey Neyman
Hi all, I have the following question: in the dissector I am writing, there is a bitfield occupying bits [2..7] of a byte. I have defined it as follows: { &hf_x, { "X", "p.x", FT_UINT8, BASE_HEX, NULL, 0xfc, "", HFILL }} Everything is okay if I add that field using proto_tree_add_item(). Howev

Re: [Wireshark-dev] Dissector for OID:2.6.0.2.5 not implemented. Contact Etheral developers if you want this supported

2007-11-19 Thread Graeme Lunt
Stig, > > There is basic P7 support in Wireshark in SVN 23479. > > I will try this dissector on our P7 traffic. Thanks. BTW, I know the content attribute won't get decoded correctly at the moment if it is before the envelope attribute in a fetch result. Can you run P7 over RTSE? > But should we

Re: [Wireshark-dev] Dissector for OID:2.6.0.2.5 not implemented. Contact Etheral developers if you want this supported

2007-11-19 Thread Stig Bjørlykke
2007/11/19, Graeme Lunt <[EMAIL PROTECTED]>: > There is basic P7 support in Wireshark in SVN 23479. I will try this dissector on our P7 traffic. But should we be more consistent on the naming policy? E.g. rename asn1/p7 to asn1/x413 and packet-p7 to packet-x413? -- Stig Bjørlykke _

Re: [Wireshark-dev] Dissector for OID:2.6.0.2.5 not implemented. Contact Etheral developers if you want this supported

2007-11-19 Thread Graeme Lunt
John, > I'm responding to this request in my trace file. > > Is this all I have to or do I also have to supply the appropriate > Dissector? ;-) There is basic P7 support in Wireshark in SVN 23479. It does message submission and retrieval operations, but currently not the administrative operations